REMARKS 

The Office Action dated December 23, 2008, has been received and carefully 
noted. The above amendments to the claims, and the following remarks, are submitted as 
a full and complete response thereto. 

By this Response, claims 1, 10, 14, 18, 22-23, and 25 have been amended to more 
particularly point out and distinctly claim the subject matter of the present invention. No 
new matter has been added. Support for the above smiendments is provided in the 
Specification, at least, in paragraph [0028]. Accordingly, claims 1-8, 10-12, and 14-26 
are currently pending in the application, of which claims 1, 10, 14, 16, 18, and 21-26 are 
independent claims. 

In view of the above amendments and the following remarks, Applicants 
respectfully request reconsideration and timely withdrawal of the pending rejections to 
the claims for the reasons discussed below. 

Claim Rejections under 35 U.S.C. §102(e) 

The Office Action rejected claims 1-6, 8, 10-12, 14-16, and 18-26 under 35 U.S.C. 
§ 102(e) as allegedly anticipated by Leung, et al. (U.S. Patent No. 6,760,444) ("Leung"). 
The Office alleged that Leung discloses or suggests each and every claim element recited 
in claims 1-6, 8, 10-12, 14-16, and 18-26. Applicants respectfully submit that the claims 
recite subject matter that is neither disclosed nor suggested in Leung. 
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Claim 1, upon which claims 2-8 depend, recites an apparatus. The apparatus 
includes an application device, a service device, and a communication network 
configured to connect the application device to the service device. The apparatus further 
includes an internet protocol security service unit configured to provide one or more 
internet protocol security services including at least one of authentication services and 
encryption services. The internet protocol security service unit is deployed in the service 
device. The apparatus further includes at least one management client configured to 
issue, in response to communication received at the application device fi-om a user 
equipment via a session key management protocol, security association management 
requests to create and manage, with the session key management protocol, security 
associations for use by the provided internet protocol security services. The at least one 
management client is deployed in the application device. Further, the apparatus includes 
a management server configured to receive the security association management requests 
issued firom the at least one management client and to respond, in connection with the 
internet protocol security service unit, to the security association management requests 
received at the management server. The management server is deployed in the service 
device. 

Claim 10, upon which claims 11-12 depend, recites a method. The method 
includes providing one or more internet protocol security services including at least one 
of authentication services and encryption services from an internet protocol security 
service unit. The internet protocol security service unit is deployed in a service device. 

-14- Application No.: 10/720,054 



The method further includes issuing, in response to communication received at an 
application device from a user equipment via a session key management protocol, 
security association management requests to create and manage, with the session key 
management protocol, security associations for use by the provided internet protocol 
security services, from at least one management client. The at least one management 
client is deployed in an application device. Further, the method includes receiving in a 
management server the security association management requests issued from the at least 
one management client, and responding, in connection with the internet protocol security 
service unit, to the security association management requests received at the management 
server. The management server is deployed in the service device. The application device 
is connected to the service device by a conununication network. 

Claim 14, upon which claim 15 depends, recites an apparatus. The apparatus 
includes at least one management client configured to issue, in response to 
communication received at the apparatus from a user equipment via a session key 
management protocol, security association management requests to create and manage, 
with the session key management protocol, security associations for use by on or more 
internet protocol security services including at least one of authentication services and 
encryption services provided by an internet protocol security service unit external to the 
apparatus. The apparatus ftirther includes an interface configured to conmiunicate the 
issued security association management requests to a management server external to the 
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apparatus, The management server is configured to respond to the security association 
management requests in connection with the internet protocol security service unit. 

Claim 16, upon which claim 17 depends, recites an apparatus. The apparatus 
includes an internet protocol security service unit configured to provide one or more 
internet protocol security services including at least one of authentication services and 
encryption services. The apparatus further includes a management server configured to 
receive security association management requests issued from at least one management 
client external to the apparatus and to respond, in connection with the internet protocol 
security service unit, to the received security association management requests. 

Claim 18, upon which claims 19-20 depend, recites a method. The method 
includes issuing, in response to communication received at an application device from a 
user equipment via a session key management protocol, from at least one management 
client deployed in the application device, security association management requests to 
create and manage, with the session key management protocol, security associations for 
use by one or more mtemet protocol security services including at least one of 
authentication services and encryption services provided by an internet protocol security 
service unit external to the application device. The method further includes 
communicating at least one of the issued security association management requests to a 
management server external to the application device. The management server is 
configured to respond to the security association management requests in connection with 
the internet protocol security service unit. 
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Claim 21 recites a method. The method includes providing one or more internet 
protocol security services including at least one of authentication services and encryption 
services from an internet protocol security service unit. The internet protocol security 
service unit is deployed in a service device. The method further includes receiving 
security association management requests issued from at least one management client 
external to the service device and responding, in connection with the providing the one or 
more internet protocol security services, to the received security association management 
requests. 

Claim 22 recites a computer readable storage medium encoded with instructions 
that, when executed by a computer, performs a process. The process includes providing 
one or more internet protocol security services including at least one of authentication 
services and encryption services from an internet protocol security service unit. The 
internet protocol security service unit is deployed in a service device. The process further 
includes issuing, in response to conununication received at an application device from a 
user equipment via a session key management protocol, security association management 
requests to create and manage, with the session key management protocol, security 
associations for use by the provided internet protocol security services, from at least one 
management client. The at least one management client is deployed in the application 
device. Further, the process includes receiving in a management server the security 
association management requests issued from the at least one management client, and 
responding, in connection with the internet protocol security service unit, to the security 
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association management requests received at the management server. The management 
server is deployed in the service device. The application device is connected to the 
service device by a communication network. 

Claim 23 recites a computer readable storage medium encoded with instructions 
that, when executed by a computer, performs a process. The process includes issuing, in 
response to communication received at an application device from a user equipment via a 
session key management protocol, from at least one management client deployed in the 
application device, security association management requests to create and manage, with 
the session key management protocol, security associations for use by one or more 
internet protocol security services including at least one of authentication services and 
encryption services provided by an internet protocol security service unit external to the 
application device. The process ftirther includes communicating at least one of the issued 
security association management requests to a management server external to the 
application device, the management server configured to respond to the security 
association management requests in connection with the internet protocol security service 
unit. 

Claim 24 recites a computer readable storage medium encoded with instructions 
that, when executed by a computer, performs a process. The process includes providing 
one or more internet protocol security services including at least one of authentication 
services and encryption services from an internet protocol security service unit. The 
internet protocol security service unit is deployed in a service device. The process further 
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includes receiving security association management requests issued from at least one 
management client extemal to the service device and responding, in connection with the 
providing the one or more intemet protocol security services, to the received security 
association management requests. 

Claim 25 recites an apparatus. The apparatus includes managing means for 
issuing, in response to conmiunication received at the apparatus from a user equipment 
via a session key management protocol, security association management requests to 
create and manage, with the session key management protocol, security associations for 
use by one or more intemet protocol security services including at least one of 
authentication services and encryption services provided by an intemet protocol security 
service means extemal to the apparatus. The apparatus further includes communicating 
means for communicating the issued security association management requests to a 
management server extemal to the apparatus, the management server configured to 
respond to the security association management requests in connection with the intemet 
protocol security service means. 

Claim 26 recites an apparatus. The apparatus includes intemet protocol security 
service means for providing one or more intemet protocol security services including at 
least one of authentication services and encryption services. The apparatus further 
includes receiving means for receiving security association management requests issued 
from at least one management client extemal to the apparatus and for responding, in 
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connection with the internet protocol security service means, to the received security 
association management requests. 

As will be discussed below, Leung fails to disclose or suggest each and every 
element recited in claims 1-6, 8, 10-12, 14-16, and 18-26, and therefore fails to provide 
the features discussed above. 

Leung is directed to mobile IP authentication. In particular, Leung describes a 
method and apparatus for authenticating a mobile node. A server is configured to 
provide a plurality of security associations associated with a plurality of mobile nodes. A 
packet identifying a mobile node may then be sent to the server fi-om a network device 
such as a home agent. A security association for the mobile node identified in the packet 
may then be sent to tiie network device to permit authentication of the mobile node. 
Alternatively, authentication of the mobile node may be performed at the server by 
applying the security association (Leung, Abstract; col. 4, line 65, to col. 5, line 36). 

Applicants respectfully submit that Leung fails to disclose or suggest each and 

every element recited in claims 1, 10, 14, 16, 18, and 21-26. In particular, Leung fails to 

disclose or suggest, at least, 

an internet protocol security service unit configured to provide one or more 
internet protocol security services comprising at least one of 
authentication services and encryption services, said internet protocol 
security service unit deployed in said service device; 

at least one management client configured to issue, in response to 
communication received at said application device fi"om a user equipment 
via a session key management protocol, security association management 
requests to create and manage, with said session key management protocol, 
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security associations for use by said provided internet protocol security 
services, said at least one management client deployed in said application 
device; and 

a management server configured to receive said security association 
management requests issued from said at least one management client and 
to respond, in connection with said internet protocol security service unit, 
to said security association management requests received at said 
management server, said management server deployed in said service 
device, 

as recited in claim 1. 

Rather, as previously discussed, Leung describes mobile IP authentication, 
whereby a centralized repository, e.g., the server, is provided to store security 
associations for mobile nodes. Retrieval of security associations may be performed in a 
single location. Accordingly, security associations may be retrieved to authenticate 
mobile nodes at a Home Agent and at the server. Leung further describes that the Home 
Agent receives a registration request from the mobile node, and subsequently sends a 
packet identifying the mobile node to a security server. The security server provides the 
security associations to the mobile node. 

However, Leung fails to describe or suggest a distribution of the actual internet 
protocol security service and its associated key management to different devices. 
Specifically, Leung fails to describe or suggest an arrangement in which the security 
association management application is divided into a management client and a 
management server, whereby the management server is deployed in the same device as 
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the internet protocol service unit, and the management client is deployed at another 
device of its own. 

Furthermore, Leung fails to disclose or suggest, at least, "at least one management 
client configured to issue, in response to communication received at said application 
device from a user equipment via a session key management protocol, security 
association management requests to create and manage, with said session key 
management protocol, security associations for use by said provided internet protocol 
security services, said at least one management client deployed m said application 
device," as recited in claim 1 (emphasis added). 

Rather, Leung merely describes that the mobile node communicates with the 
Home Agent usmg MIP extensions (Leung, col. 8, lines 27-36). 

Furthermore, the teachings of Leung fail to mention that security associations or 
authentication services are handled by the server's internet protocol security services. In 
fact, Leung fails to disclose or suggest internet protocol security services at all. Rather, 
Leung clearly describes that "a server handles security associations for a home agent," i.e., 
Leung indicates that the server acts as a security association repository for the home 
Agent. Leung further mentions that, in response to receiving a packet identifying the 
mobile node (e.g., an authorization request packet) from the home agent, the server obtains 
a security association for the mobile node identified in this packet and sends the security 
association to the home agent (Leung, col. 7, lines 33-40). The server does not participate 
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in this authentication. Rather, the actual authentication is performed solely by the home 
agent. 

Additionally, Internet protocol security or IPsec is a set of protocols for providing 
confidentiality services and authentication services to IP traffic. In contrast, the 
authentication process discussed in Leung relates to a mobile IP protocol, and more 
particularly to registration of a mobile node with its home agent. One of ordinary skill in 
the art would understand that the mobile IP protocol discussed in Leung is a completely 
different technology from IPsec. 

Nevertheless, even if the authentication process of the mobile IP protocol 
discussed in Leung were considered to read upon the authentication processes of IPsec, 
Leung still fails to disclose or suggest an arrangement, as taught by certain embodiments 
of the present invention, in which the security association management application is 
divided into a management client and a management server (two separate elements), 
wherein the management server is deployed at a same device with the internet protocol 
security service imit, and the management client is deployed at another device on its own, 
as discussed above. 

Furthermore, Applicants respectfully submit that it would be improper to conclude 
that Leung uses a session key management protocol from the teachings of Leung ttiat 
security associations possibly include keys. Since the security association discussed in 
Leung already defines the key and algorithm to be applied during the authentication 
process {e.g., Leung; col. 3, lines 6-8), there is no need for a separate key management 
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protocol. Furthermore, even if a key management protocol could be used, Leung fails to 
provide motivation for it to be a session key management protocol. Accordingly, Leung 
fails to disclose or suggest each and every claim element recited in claim 1. 

Claims 10, 14, 16, 18, and 21-26 each have their own claim scope, but also contain 
similar limitations recited in claim 1. Accordingly, for similar reasons noted above for 
claim 1, Applicants respectfully submit that Leung fails to disclose or suggest each and 
every element recited in claims 10, 14, 16, 18, and 21-26. 

Claims 2-6 and 8 depend from claim 1. Claims 11-12 depend from claim 10. 
Claim 15 depends from claim 14. Claim 17 depends from claim 16. Accordingly, claims 
2-6, 8, 11-12, and 15 should be allowable for at least their dependency upon an allowable 
base claim, and for the specific limitations recited therein. 

Therefore, Applicants respectfiilly request withdrawal of the rejections of claims 
1-6, 8, 10-12, 14-16, and 18-26 under 35 U.S.C. §102(e) and respectfiilly submit that 
claims 10, 10, 14, 16, 18, and 21-26, and the claims that depend therefrom, are now in 
condition for allowance. 

Claim Rejections under 35 U.S.C. §103(a) 

The Office Action rejected claims 7 and 17 under 35 U.S.C. § 103(a) as being 
allegedly unpatentable over Leung. Applicants respectfiilly submit that the claims recite 
subject matter that is neither disclosed nor suggested in Leung. 
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Applicants note that the Office Action indicated that claim 17 was rejected under 

35 U.S.C. § 103(a) based on the description in Leung, but referred to features recited in 

claim 7 in taking Official Notice that it is well-known in the art to implement computer 

connection using a local network. Applicants submit that the Office Action appears to be 

rejectmg both claims 7 and 17, and therefore traverse the Office Action's rejections of 

both claims 7 and 17 under 35 U.S.C. §103(a) based on Leung. 

As previously noted above, Leung fails to disclose or suggest each and 
every element recited in claims 1 and 16. Specifically, Leung fails to 
disclose or suggest, at least, 

an intemet protocol security service unit configured to provide one or more 
internet protocol security services comprising at least one of 
authentication services and encryption services, said intemet protocol 
security service unit deployed in said service device; 

at least one management client configured to issue, in response to 
communication received at said application device from a user equipment 
via a session key management protocol , security association management 
requests to create and manage, with said session key management protocol, 
security associations for use by said provided intemet protocol security 
services, said at least one management client deployed in said application 
device; and 

a management server configured to receive said security association 
management requests issued from said at least one management client and 
to respond, in connection with said intemet protocol security service unit, 
to said security association management requests received at said 
management server, said management server deployed in said service 
device, 

as recited in claim 1 (emphasis added), and similarly recited in claim 16. 
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Claim 7 depends from claim 1. Claim 17 depends from claim 16. Accordingly, 
claims 7 and 17 should be allowable for at least their dependency upon an allowable base 
claim, and for the specific limitations recited therein. 

Therefore, Applicants respectfully request withdrawal of the rejections of claims 7 
and 17 under 35 U.S.C. § 103(a) and respectfiilly submit that claims 1 and 16, and the 
claims that depend therefrom, are now in condition for allowance. 

CONCLUSION 

In conclusion. Applicants respectfiilly submit that Leung fails to disclose or 
suggest each and every element recited in claims 1-8, 10-12, and 14-26. The distinctions 
previously noted are more than sufficient to render the claimed invention unanticipated 
and non-obvious. It is therefore respectfiilly requested that all of claims 1-8, 10-12, and 
14-26 be allowed, and this present application be passed to issue. 

If for any reason the Examiner determines that the application is not now in 
condition for allowance, it is respectfiilly requested that the Examiner contact, by 
telephone. Applicants' undersigned representative at the indicated telephone number to 
arrange for an interview to expedite the disposition of this application. 
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In the event this paper is not being timely filed. Applicants respectfully petition for 
an appropriate extension of time. Any fees for such an extension together with any 
additional fees may be charged to Counsel's Deposit Account 50-2222. 
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